@RequestMapping("/roleeditsubmit")
 public ModelAndView roleEditSubmit(
     @RequestParam("role") String role, @RequestParam("id") Long userId) {
   SecurityContext.assertUserHasPrivilege(Privilege.MANAGE_USERS);
   User user = userRepository.find(userId);
   user.setRole(Role.valueOf(role));
   return createModelAndView(user);
 }
 @RequestMapping("/privilegeedit")
 public ModelAndView privilegeEdit(@RequestParam("id") Long userId) {
   SecurityContext.assertUserHasPrivilege(Privilege.MANAGE_USERS);
   User user = userRepository.find(userId);
   return createModelAndView(user);
 }